The Latest Trick to Steal Your Passwords Without Being Detected

Latest Trick to Steal Your Passwords Without Being Detected

Passwords are one of the main targets for hackers. They can use different methods to steal the keys. In this article we echo the latest strategy with which they go unnoticed and come to put the privacy of users at risk. This is a new campaign that has been revealed by Microsoft.

Morse code, the latest trick to steal passwords

One of the most used techniques to steal passwords is Phishing . Basically it is an email or message that we supposedly receive from a legitimate source, but when the keys are entered, they end up on a server controlled by the attackers. For example, this happens when we receive an e-mail from supposedly our bank asking us to log in to solve a problem. The reality is that it is a scam and that key is going to fall into the wrong hands.

However, these attacks are increasingly being detected. The e-mail providers themselves, the security programs, the users themselves when we see a suspicious link or logo, etc. But of course, hackers are constantly updated to avoid detection and to carry out their attacks.

That’s where the Morse code tactic comes in. Microsoft has detected a campaign that is based on an HTML file. The individual parts of that file are designed to appear harmless and not be detected by antivirus. It only reveals its true content when the segments are decoded and assembled together.

Filtración de contraseñas

HTML attachment

From Microsoft they indicate that this HTML attachment is divided into several segments , including JavaScript files that are used to steal passwords, which are then encoded using various mechanisms. But the most striking of all is that they use encryption methods, including Morse code. This allows you to hide those segments.

If a user opens that file, a browser window automatically opens with a dialog to sign in to Microsoft 365 . Logically it is something false. Once the victim has logged in, the attackers can steal the passwords. They also use malware to collect data in the background. Keep in mind that there are many methods to steal passwords.

They have indicated that these types of attacks, in which they use Morse code to avoid being detected by the antivirus , have been seen in campaigns since February. They warn that email attacks have increased considerably in recent times, as they represent a significant possibility for hackers.

This makes it essential to maintain security when we are going to open an attachment that we receive by mail or any link that takes us to a web page to log in. Common sense in these cases will be essential, but it is also advisable to have security programs. A good antivirus, such as Windows Defender, Avast or Bitdefender, will help us maintain security and avoid downloading malicious files.